Re: Firewall AAA configuration

Run 'test aaa-server authentication ' on the Standby unit and check what the reason for the failure is.Enable 'debug aaa authentication' on the Standby unit and watch the output when you try to authenticate.

Re: Firewall AAA configuration

I agree with Marvin here that there is an issue with the ISE authorization profile configuration, however it is a bit strange that you are unable to access the secondary ASA via SSH or HTTPS. Have you tried to power-cycle the standby ASA?

Re: Firewall AAA configuration

You do know you can check the configuration on the standby ASA from the primary ASA, right?

for example you can issue the following command to se the AAA configuration on the standby

failover exec standby show run aaa

As long as failover is configured correctly I am having a hard time believing there is an issue with the configuration on the standby device. I am leaning towards either a process that is hanging on the standby which will be solved by rebooting the standby device, or an issue with configuration on ISE.

part1 here https://community.cisco.com/t5/security-blogs/mitm-attack-ipsec-what-happens-if-attacker-knows-ipsec-pre/ba-p/3756562
A brief summary of the part1 : we showed that the security level of IPSec with preshared key is equal to the secu...
view more

I have just received an email that looks like the attached (redacted) email telling me that I need to activate my Cisco Security account. What do I do with this?
Answer
1. This is an entitlement for a Cisco Security account. It is used ...
view more

As one of the largest security companies in the world, we take great pride in building solutions that many thousands of organizations trust to secure their networks. Small businesses and large enterprises alike rely on Cisco firewalls to keep their organi...
view more